Server Hardening

Server hardening is the process of improving a server's security through a variety of measures. The security controls put in place during this process result in a much more secure server operating environment.

Disable lame server logging:

Run the commands:

service named stop

nano -w /etc/named.conf

Add these lines at the top. Some servers will already have a logging {} section. If so, simply add these lines inside the existing logging section:

logging {

category lame-servers { null; };

};

Under the options {} section, add these lines below directory /var/…:

allow-transfer { none; };

version "[null]";

recursion no;

Restart the named service using the command:

service named restart
nano /etc/resolv.conf

Note

For BIND, make sure that it is not in a clustered environment or a master/slave setup.
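To confirm the named.conf edits before restarting named, the script below checks that the four settings described above are present in the right blocks. It is an added example, not part of the original guide; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a named.conf for the four BIND settings described above.
# Limitation: only // and # line comments are stripped, not /* ... */ blocks.

# Tokenize: drop comments, put spaces around { } ; and squeeze whitespace.
normalize() {
  sed -e 's://.*$::' -e 's:#.*$::' -e 's/[{};]/ & /g' "$1" | tr '\t\n' '  ' | tr -s ' '
}

# Print the body of the first "<name> { ... }" statement, matching nested braces.
block() {
  awk -v name="$1" '{
    s = " " $0; i = index(s, " " name " {"); if (!i) exit
    i += length(name) + 2                 # i now points at the opening brace
    for (j = i; j <= length(s); j++) {
      c = substr(s, j, 1)
      if (c == "{") depth++
      else if (c == "}" && --depth == 0) { print substr(s, i + 1, j - i - 1); exit }
    }
  }'
}
has() { printf '%s\n' "$1" | grep -Eq -e "(^| )$2"; }

# Print the names of missing settings; return 0 only if all four are present.
audit_named_conf() {
  conf=$(normalize "$1")
  opts=$(printf '%s\n' "$conf" | block options)
  logs=$(printf '%s\n' "$conf" | block logging)
  missing=""
  has "$logs" 'category lame-servers \{ null ; \} ;' || missing="$missing lame-servers"
  has "$opts" 'allow-transfer \{ none ; \} ;' || missing="$missing allow-transfer"
  has "$opts" 'version "[^"]*" ;' || missing="$missing version"
  has "$opts" 'recursion no ;' || missing="$missing recursion"
  if [ -n "$missing" ]; then printf '%s\n' "${missing# }"; return 1; fi
}

# Constructed sample config (not from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
logging { category lame-servers { null; }; };
options {
    directory "/var/named";   // constructed path
    allow-transfer { none; };
    version "[null]";
    recursion no;
};
EOF
audit_named_conf "$sample" && echo "all four settings present"
rm -f "$sample"
```

A version string pasted with typographic (curly) quotes is reported as missing, because BIND only accepts straight double quotes. The script checks presence only; `named-checkconf /etc/named.conf` remains the syntax check to run before the restart.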

Disable direct root login:

Run the commands below. The third command will prompt you for a password:

While selecting modules in the Short Options List, select Mod Security.

Select Start customizing based on profile.

Now, the Wizard will start recompiling Apache. Monitor the screen carefully and note any error messages that are shown. When the build is complete, verify that the PHP pages are loading correctly.

Plesk Server

Since Plesk is fully RPM based, you can just install the mod_security module. Since mod_security is not available in the common RPM repos, you can use the script below to install the module:

wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh

yum install mod_security

Unlike the RPM installation of other Apache modules, this process will not add a LoadModule line to the httpd.conf file by default. Edit the httpd.conf file and add the following lines below the LoadModule section:

Rules may block the web application, causing access denied errors. Keep monitoring the /etc/httpd/logs/error_logs file and remove the rules which you do not require. If you see the warning "ModSecurity: Rule execution error - PCRE limits exceeded (-8): (null)." in your error logs, it may eat up all your CPU and memory resources, using around 100 to 150 MB of RSS memory per pid, and you will see an unusual usage of locale-archive of around 60 MB in pmap. To solve this problem, create the file pcre_modsecurity_exceeded_limits.conf inside the /etc/httpd/conf folder: